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DETAILED ACTION 

Information Disclosure Statement 

1 . The information disclosure statement filed 7/30/2003 has been placed in the 
application file and the information referred to therein has been considered as to the 
merits. 

Specification 

2. The title of the invention is not descriptive. A new title is required that is clearly 
■ indicative of the invention to which the claims are directed. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

This claim recites "an authentication method ...comprising the steps of causing 
... and allowing The claimed language does not have a tangible result recited, 
"allowing" does not actually do something, there is no physical result. "Accessing" is a 
physical action. The claim however does not recite accessing, as such, it fails to fall 
within a statutory category. 
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Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in -the English language. . 

6. Claims 1 and 6 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Miller etal. (US 2003/0105981). 

a) As to claim 1 , Miller discloses an authentication method for using a 
plurality of Web servers to allow only a user in a certain group to access information in 
said Web servers, wherein a first Web server in said Web servers has a restricted 
access domain that only the user in said certain group is allowed to access from a client 
terminal and does not have authentication information regarding the user, and a second 
Web server in said Web servers has the restricted access domain (i.e. protected 
resources, see Miller paragraph 0023) that only the user in said certain group is allowed 
to access and further has said authentication information registered thereto (i.e. 
authentication for access control of protected resources and the use of authentication 
granted by one system as a basis for granting authentication on another system, see 
Miller paragraph 0003), comprising the steps of: 
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causing said first Web server (e.g. system 1, see Miller Fig. 1, element 102) to 
request authentication (see Miller paragraph 0045) from said second Web server (e.g. 
system 2, see Miller Fig. 1, element 104); and 

allowing said user to access said restricted access domain in said first Web 
server from said client terminal based on an authentication result provided to said first 
Web server by said second Web server (see Miller paragraph 0048). 

b) As to claim 6, Miller discloses an authentication apparatus for allowing 
only a user in a certain group to access information in a restricted access domain 
therein (i.e. an authentication method and system for access control of protected 
resources, see Miller paragraphs 0003, 0023) comprising: 

an authentication requested Web server registering part registering a Web server 
as an authentication requested Web server (e.g. system 2, see Miller Fig. 1, element 
104), said Web server having a same restricted access domain as said restricted 
access domain therein (e.g. protected resources, see Miller paragraph 0023) and 
further having authentication information regarding the user registered thereto (e.g. 
client registers with system 2, see Miller paragraphs 0055-0058; Fig. 3, element SOS- 
SI 0); and 

an authentication requesting part (e.g. system 1, see Miller Fig. 1 , element 102) 
requesting authentication from said Web server (see Miller paragraph 0045) with 
reference to said authentication requested Web server registering part when said 
authentication requesting part receives an access request (see Miller Fig. 2, element 
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202) for access to said restricted access domain therein from a client terminal of the 
user, 

wherein said Web server determines whether or not said authentication is valid 
(see Miller Fig. 2, element 214) and said access request is allowed based on an 
authentication result determined by said Web server (see Miller paragraph 0048). 

7. Claims 1-3 and 5-7 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Stewart (US 2004/0010714). 

a) As to claim 1 , Stewart discloses an authentication method for using a 
plurality of Web servers to allow only a user in a certain group to access information in 
said Web servers, wherein a first Web server in said Web servers has a restricted 
access domain that only the user in said certain group is allowed to access from a client 
terminal and does not have authentication information regarding the user, and a second 
Web server in said Web servers has the restricted access domain (i.e. protected 
resources/URL, see Stewart paragraph 0029) that only the user in said certain group is 
allowed to access and further has said authentication information registered thereto (i.e. 
authentication for access control of protected resources and the use of authentication 
granted by one system as a basis for granting authentication on another system, see 
Stewart paragraph 0008), comprising the steps of: 

causing said first Web server (e.g. FTP server and associated FTP 
authentication module, see Stewart, Fig. 4, elements 412 and 413) to request 
authentication (i.e. transmitting request for access to a protected resource, see Stewart 



Application/Control Number: 10/630,010 Page 6 

Art Unit: 2137 

paragraph 0029; Fig. 5, element 520) from said second Web server (e.g. Web server, 
see Stewart Fig. 4, element 414); and 

allowing said user to access said restricted access domain in said first Web 
server from said client terminal based on an authentication result provided to said first 
Web server by said second Web server (see Stewart paragraph 0029). 

b) As to claim 2, Stewart discloses the first Web server delivers an 
authentication information request received from said second Web server to said client 
terminal (i.e. Web server sends a response to the FTP authentication module 
requesting the user's credentials, see Stewart paragraph 0028) and then delivers 
authentication information received from said client terminal for said authentication 
information request to said second Web server (i.e. the FTP authentication module 
provide the Web server with the user's credentials by asking the user to provide 
credentials, see Stewart paragraph 0028). 

c) As to claim 3, Stewart discloses the second Web server (e.g. network 
based authentication service, see Stewart Fig. 3, element 318) receives an 
authentication request (see Stewart paragraph 0024) from a plurality of first Web 
servers (e.g. FTP server and Web server, see Stewart Fig. 3, elements 312 and 314). 

d) As to claim 5, Stewart discloses the first Web server (e.g. FTP server, see 
Stewart Fig. 4, element 412) delivers an authentication request (e.g. request with 
username and password, see Stewart paragraph 0026) to another first Web server (e.g. 
Web server, see Stewart Fig. 4, element 414) and said other first Web server delivers 
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the authentication request to said second Web server (e.g. network based 
authentication service, see Stewart Fig. 4, element 418). 

e) As to claim 6, Stewart discloses an authentication apparatus for allowing 
only a user in a certain group to access information in a restricted access domain 
therein (i.e. an authentication method and system for access control of protected 
resources, see Stewart paragraph 0029) comprising: 

an authentication requested Web server registering part registering a Web server 
as an authentication requested Web server (e.g. Web server, see Stewart Fig. 4, 
element 414), said Web server having a same restricted access domain as said 
restricted access domain therein (e.g. protected resources/URL, see Stewart paragraph 
0029) and further having authentication information regarding the user registered 
thereto (e.g. user's credentials in local user database, see Stewart paragraph 0030); 
and 

an authentication requesting part (e.g. FTP server and associated FTP 
authentication module, see Stewart, Fig. 4, elements 412 and 413) requesting 
authentication from said Web server (i.e. transmitting request for access to a protected 
resource, see Stewart paragraph 0029; Fig. 5, element 520) with reference to said 
authentication requested Web server registering part when said authentication 
requesting part receives an access request (see Stewart, Fig. 5, element 510) for 
access to said restricted access domain therein from a client terminal of the user, 
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wherein said Web server determines whether or not said authentication is valid 
and said access request is allowed based on an authentication result determined by 
said Web server (see Stewart paragraph 0029; Fig. 5, elements 525, 530, 535, 540). 

f) As to claim 7, Stewart discloses said authentication requesting part 
delivers an authentication information request received from said Web server to said 
client terminal (i.e. Web server sends a response to the FTP authentication module 
requesting the user's credentials, see Stewart paragraph 0028) and delivers 
authentication information supplied in response to said authentication information 
request by said client terminal to said Web server (i.e. the FTP authentication module 
provide the Web server with the user's credentials by asking the user to provide 
credentials, see Stewart paragraph 0028). 



Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject-matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over in view of 
Stewart (US 2004/0010714) in view of Gray (2002/0188738). 

Stewart discloses the authentication method as claimed in claim 1, however he is 
silent on the capability of having the first Web server delivers an authentication request 
to a plurality of second Web servers. Gray is relied on for the teaching of the first Web 
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server (e.g. proxy server, see Gray Fig. 4, element 24) delivers an authentication 
request to a plurality of second Web servers (e.g. authentication servers A, B, C see 
Gray Fig. 4, elements 30-34; paragraph 0046). It would have been obvious to one of 
ordinary skill in the art at the time of the invention to employ the use of the first Web 
server delivers an authentication request to a plurality of second Web servers in the 
system of Miller, as Gray teaches, so as to properly and effectively handle access 
request from client (see Gray paragraph 0047). 

Conclusion 

The prior arts made of record and not relied upon are considered pertinent to 
applicants disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dieu Nguyen whose telephone number is 571-272- 
3873. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov . Should you 
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have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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